This repository has been archived by the owner on Apr 22, 2023. It is now read-only.
Node 0.6.19 crashes on me when I try to sort a big enough Float64Array:
$ uname -a; node --version; node -e 'c = 149; b = new ArrayBuffer(8 * c); a = new Float64Array(b); Array.prototype.sort.apply(a, [function (x, y) { return x - y; }]); 0'
Linux [redacted] 3.2.0-24-generic #39-Ubuntu SMP Mon May 21 16:52:17 UTC 2012 x86_64 x86_64 x86_64 GNU/Linux
v0.6.19
Segmentation fault (core dumped)
valgrind says v8 is trying to dereference a small integer as if it were a pointer:
==10059== Invalid read of size 8
==10059== at 0x668756: v8::internal::JSObject::PrepareElementsForSort(unsigned int) (in /usr/bin/nodejs)
==10059== by 0x2C46A5DEA341: ???
[snip]
==10059== Address 0x7464 is not stack'd, malloc'd or (recently) free'd
It appears any c >= 149 causes the same crash trying to reach through (some_type *)0x7464, while smaller values of c do not.
This also happened in 0.6.18, whereas my build of 0.7.10-pre, commit f624413, does not crash on this input.
It's a bug - maybe 'shortcoming' is a better word - in the V8 version that ships with 0.6.x; it doesn't support sorting external arrays (what typed arrays are). You're hitting this assert.